0

I'm working with Wordpress for the first time and, as per the security guidelines in this guide, I'm chmodding wp-config.php to 600 (user can read/write, no one else can do anything). However, this gives me the white screen of death when I try to access the admin console. Why is this?

Dylan Knowles
  • 147
  • 1
  • 3
  • 9

2 Answers2

2

My bet is that you just need to set that file's owner as the same user that your webserver is running as.

If your webserver is running as, say, www-data, then just:

$ chown www-data /path/to/wp-config.php
EEAA
  • 109,363
  • 18
  • 175
  • 245
  • How would I figure this out? I'm very new to Wordpress. – Dylan Knowles Jul 13 '11 at 20:47
  • 1
    Personally, I'd rather set the ownership in a more secure manner. Change the *group* to your apache user, and then chmod the file 640 instead of 600. This way, if the httpd is compromised, that file can only be read, not modified. – sandroid Jul 13 '11 at 20:48
  • I'm not sure what my apache user is; I'm just getting started with these technologies. – Dylan Knowles Jul 13 '11 at 20:50
  • @kanov-baekonfat - sounds more like you're new to unix/linux OS, actually. Look up how to navigate the unix/linux CLI, specifically how to list files and change owners/permissions. You need to determine what user owns the file (ls -l /path/to/wp-config.php) as well as what user is running the httpd process (ps aux |grep httpd) – sandroid Jul 13 '11 at 20:55
  • Actually I've been using it for quite a while :D - there's just a lot of functionality and I haven't used all of it. I can change permissions and users quite easily (and have tried this already to no avail). I'd completely forgotten the ps aux command. I'll give that a shot and see where it takes me. Thanks! *Edit:* I'm likely not as familiar with unix/linux as the average server admin. – Dylan Knowles Jul 13 '11 at 20:58
  • Group and owner of the file is set to the apache user; no change. Tried root as well; no change. – Dylan Knowles Jul 13 '11 at 21:00
  • Bam! You're exactly right. Going into /etc/apache2/envvars, I found that apache was being run as www-data. I didn't even know I had this user. Changing the user and the group has made this work. Thank you! – Dylan Knowles Jul 13 '11 at 21:17
  • @kanov Great! Glad to help. – EEAA Jul 13 '11 at 21:20
  • @sandroid I also did what you suggested to help improve security. While I find it more likely that my account would be compromised, this does add write protection in the event that the httpd is compromised. Thanks again. – Dylan Knowles Jul 13 '11 at 21:23
1

The reason you see the white page is because WordPress is not getting the information out of the wp-config.php. This is because your http server does not have permissions to read that file.

To correct this you need to change the permissions to allow your http server to read the file. How to do this is going to depend on how your server is setup. If it is running under the www-data group (or similar group) the preferred method would be to

# chgrp www-data /path/to/wp-config.php
# chmod 640 /path/to/wp-config.php

If your http service is running under something like the nobody group then you might need to chmod your file to 644. 640 is the better option as 644 will allow any user on the system to read the file and 640 will only allow the owner and group to read the file.

Considering this file contains passwords for your database, I suggest the chgrp method.

madflojo
  • 320
  • 2
  • 5
  • If I could double-accept answers I would. Thanks for the great response; this is a very useful answer and is what the problem was. – Dylan Knowles Jul 14 '11 at 17:16